Log Activity Tab Overview
An event is a record from a log source, such as a firewall or router device, that describes an action on a network or host.
The Log Activity tab specifies which events are associated with offenses.
You must have permission to view the Log Activity tab.
Log Activity Tab Toolbar
From the Log Activity toolbar, you can access the following options:
Table 1: Log Activity Toolbar Options
Click Search to perform advanced searches on events. Options include:
From this list box, you can run previously saved searches. Options are displayed in the Quick Searches list box only when you have saved search criteria that specify the Include in my Quick Searches option.
Click Add Filter to add a filter to the current search results.
Click Save Criteria to save the current search criteria.
Click Save Results to save the current search results. This option is only displayed after a search is complete. This option is disabled in streaming mode.
Click Cancel to cancel a search in progress. This option is disabled in streaming mode.
Click False Positive to open the False Positive Tuning window, where you can prevent events that are known to be false positives from creating offenses.
This option is disabled in streaming mode. For more information about tuning false positives, see Tuning False Positives.
The Rules option is only visible if you have permission to view rules.
Click Rules to configure custom event rules. Options include:
Click Actions to perform the following actions:
Note: The Print, Export to XML, and Export to CSV options are disabled in streaming mode and when viewing partial search results.
The default view on the Log Activity tab is a stream of real-time events. The View list contains options to also view events from specified time periods. After you choose a specified time period from the View list, you can then modify the displayed time period by changing the date and time values in the Start Time and End Time fields.
Right-click Menu Options
On the Log Activity tab, you can right-click an event to access more event filter information.
The right-click menu options are:
Table 2: Right-click Menu Options
Select this option to filter on the selected event, depending on the selected parameter in the event.
Select this option to open the False Positive window, where you can prevent events that are known to be false positives from creating offenses. This option is disabled in streaming mode. See Tuning False Positives.
Select this option to investigate an IP address or a user name. For more information about investigating an IP address, see Investigating IP addresses. For more information about investigating a user name, see Investigating user names. You can right-click a user name to access more menu options. Use these options to view more information about the user name or IP address.
Note: This option is not displayed in streaming mode.
Filter items that match, or do not match, the selection.
When streaming events, the status bar displays the average number of results that are received per second.
This is the number of results the Console successfully received from the Event processors. If this number is greater than 40 results per second, only 40 results are displayed. The remainder is accumulated in the result buffer. To view more status information, move your mouse pointer over the status bar.
When events are not being streamed, the status bar displays the number of search results that are currently displayed on the tab and the amount of time that is required to process the search results.